If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hack SSL Certificates & CA's 0Day PoC

Ok, here's a little article you may or may not find interesting, lets talk about smashing SSL CA security. You've heard about it in the news of late, another CA provider getting hacked etc, but just how hard or easy is it?

How hard or easy is it to hack a root CA steal their certificate and use it for a Man in the Middle with SSLsniff?!

Well first we need to appreciate what an SSL Certificate is, it's just a re-generated certificate that you've bought from a signing authority who has then issued it back to you.

In public key infrastructure (PKI) systems, a certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.

With me so far? Good... So lets apply some thinking here... How do we take someone else's Digital Identity Certificate and steal it and then forge a CSR or certification request so we can use it for our evil intent?!

Well I am going to introduce two tools we can download and use in firefox that will perform these actions, the first one is called the Key Manager For Firefox...

Described by its creator as;
KeyManager is a client side PKI tool for key generation, certificate enrollment, CRL signing, identity and authority delegation.

Once we've installed both of these tools, then we're just about ready to hack just about any Certificate Authority on Planet Earth.

So lets pick someone or a target to hack... someone paying for a premium Platinum SSL for example, who wont really mind if we come along and borrow there's for a demonstration.. I know let's borrow (steal) and export an SSL certificate from PAYPAL (I've never liked them!)

Well I've never agreed with VeriSigns Terms of Use either so we'll have to get rid of those... Next we click on Export to export the certificate to a file.

Save it as x.509 certificate (PEM) in your My Documents folder... Next fire up the Key Manager.

Click on the Servers Tab and click import and in the browser window drop down the list to All Files and import the PEM you just saved.

Then click Ok and goto Cert Mgmt and click sign Cert as CA. Click CSR Source Cert Button and select the PAYPAL certificate you just loaded.

Click sign and use your own CA which you should have had the brains to setup before hand with a Generic CA profile (oops may have forgot to mention that bit) and your done.

You can now use the exported Cert in the issuer database or where-ever you stuck it to perform Man in the Middle attacks with SSLsniff on PAYPAL!

Enjoy!

Caveat:

I may have forgotten to mention a few bits on purpose, like you have to right click view page info and then click the security tab to swipe certificates from site's your viewing with SSL.

There is also a proxy to and from option, but I am sure those of you with the brain can figure out how those bits would be advantageous.

Also if your interested in better security heres some tips;
1> use TCPCRYPT it's been available for quite a while now and addresses this very issue.
2> DO NOT share your SSL certificates with anyone.
Inventor of SSL to Moxie Marlinspike "oh yeah that whole authenticity thing, that was just a hand-wave!"

Last edited by snowshell; November 2nd, 2011 at 07:02 PM.
Reason: Caveat

And this stops you because? Firefox preferences, advanced tab validation, validate a certificate if it specifies on OCSP server.

If you own your own cyber-cafe getting everyone to use your invalid certificate or if they must proxy through you to get to paypal the validation chain is not a problem. It's perfectly valid if your the server handling the request.

The only thing that make's a SSL certificate you've crafted yourself different from one signed by a CA is that your using your own CA for the signing request.

So what stops you from calling yourself, GeoTrust or VeriSign?

An what stops you from authorizing the request via your own OCSP responder?

Nothing...

Of course they may realize later on that they've been had, when they try to access the genuine article elsewhere and get an OCSP Error.

It's a perfectly valid point but one that is mute if your doing a Man-in-the-Middle.
The request has to go through you first before it makes it to the intended target.

Lets have a little topology graph...

Customer(0) ----> Paypal(1) <---->CA_Cert(Request)

What we're attempting to do...

Customer(0) <----> Attacker(1) <----> Paypal(0) <----CA_Cert(Request)

To be perfectly honest all this jumping in the way to decrypt what they're sending to resend it on afterwards and then send the response back to them whilst lulling them into a false sense of security with the words Verified by ..whoever.. is just a long winded proof of concept that it's easier than people think, but in truth you could just install a key-logger in some scenarios and not waste time on the whole idea and that would be done with it.

A man-in-the-middle is kind of an extreme length to goto to obtain some obscure bit of information, I mean do I really give a sh** if someone opens and read's my mail? I can generate my own SSL Certificates and use them for mail signing and then for added extra security I can add PGP to the mix but in truth I do neither because, nearly everyone I know has no idea what PGP is and in truth nothing I ever send by e-Mail is that earth shattering anyway. If it was I would use word of mouth and a thing invented by Alexander Bell called a phone!

Look on the plus side, at least there's maybe now over a handful of people out there that have downloaded these tools and are now expressing an interest in how it would work, so when you've generated your own Generic CA Certificate with RSA @ 2048bit you can go exploring things like the security options in Thunderbird or Outlook Express where you have the option of using your Certificates to enhance your own security on your e-Mail and who knows maybe some of you might like the idea of added security on-top of your PGP/MIME or using them to enforce security on your own Web-Server without having to pay VeriSign or Comodo a small fortune every year to acquire those certificates.. Now @ least your learning how to make them for yourself!